Alayna Treene
AciosMon, 18 Dec 2017 17:25 UTC

© Associated PressHeadquarters of Kaspersky Lab in Moscow.
Russian tech company Kaspersky Lab sued the Trump administration in U.S. federal court Monday over its decision to ban the company's software products at all federal agencies due to national security concerns,
reports Reuters. The firm argues that the Department of Homeland Security deprived it of due process and unfairly damaged its reputation.
Why it matters: Kaspersky Lab, the world's largest private cybersecurity company, has been accused of helping Moscow in their intelligence efforts, though they have repeatedly denied any such connection.
Details of the ban: In September, DHS ordered all government agencies to remove Kaspersky Lab software from their devices within 90 days. The ban officially went into effect last week when President Trump signed legislation codifying it.
Statement from Kaspersky Lab"DHS failed to provide Kaspersky Lab with adequate due process and relied primarily on subjective, non-technical public sources like uncorroborated and often anonymously sourced media reports and rumors in issuing and finalizing the Directive," the company's CEO Eugene Kaspersky wrote in an open letter. "DHS has harmed Kaspersky Lab's reputation and its commercial operations without any evidence of wrongdoing by the company."
Comment: More background:
The possible reason:
Kaspersky CEO: U.S. attacks us because we found something U.S. doesn't like
According to US media reports in October 2017, an employee from the National Security Agency (NSA) elite hacking unit lost some of the agency's espionage tools after storing them on his home computer in 2015. The media jumped to blame Kaspersky Lab and the Kremlin.
Following the reports, the company conducted an internal investigation and stumbled upon an incident dating back to 2014. At the time, Kaspersky Lab was investigating the activities of the Equation Group - a powerful group of hackers that later was identified as an arm of the NSA.
As part of Kaspersky's investigation, it analyzed information received from a computer of an unidentified user, who is alleged to be the security service employee in question. It turned out that the user installed pirated software containing Equation malware, then "scanned the computer multiple times," which resulted in antivirus software detecting suspicious files, including a 7z archive.
"The archive itself was detected as malicious and submitted to Kaspersky Lab for analysis, where it was processed by one of the analysts. Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware," the company's October statement explained.
The analyst then reported the matter directly to Eugene Kaspersky, who ordered the company's copy of the code to be destroyed.
On Thursday, Kaspersky Lab issued another statement concerning this incident following a more extensive investigation. The results of the investigation showed that the computer in question was infected with several types of malware in addition to the one created by Equation. Some of this malware provided access to the data on this computer to an "unknown number of third parties."
In particular, the computer was infected with backdoor malware called Mokes, which is also known as Smoke Bot and Smoke Loader. It is operated by an organization called Zhou Lou, based in China.
Comment: More background:
- Kaspersky Lab says it is not affiliated with any government
- Kaspersky Lab CEO acknowledges that company is 'under attack' by US gov't
- DHS orders removal of all Kaspersky Lab products - 'because Russian spies'
- CEO: US government knows Kaspersky Lab is not involved in cyber-espionage
The possible reason: Kaspersky CEO: U.S. attacks us because we found something U.S. doesn't like